Re: RGW automation encryption - still testing only?

Totally understand, I'm not really a fan of service-managed encryption keys
as a general rule vs. client-managed. I just thought I'd probe about
capabilities considered stable before embarking on our own work. SSE-S3
would be a reasonable middle-ground. I appreciate the PR link, that's very
helpful.

On Tue, Feb 8, 2022 at 10:29 AM Casey Bodley <cbodley@xxxxxxxxxx> wrote:

> On Tue, Feb 8, 2022 at 11:11 AM Casey Bodley <cbodley@xxxxxxxxxx> wrote:
> >
> > hi David,
> >
> > that method of encryption based on rgw_crypt_default_encryption_key
> > will never be officially supported.
>
> to expand on why: rgw_crypt_default_encryption_key requires the key
> material to be stored insecurely in ceph's config, and cannot support
> key rotation
>
> > however, support for SSE-S3
> > encryption [1] is nearly complete in [2] (cc Marcus), and we hope to
> > include that in the quincy release - and if not, we'll backport it to
> > quincy in an early point release
> >
> > can SSE-S3 with PutBucketEncryption satisfy your use case?
> >
> > [1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
> > [2] https://github.com/ceph/ceph/pull/44494
> >
> > On Tue, Feb 8, 2022 at 10:44 AM David Orman <ormandj@xxxxxxxxxxxx> wrote:
> > >
> > > Is RGW encryption for all objects at rest still testing only, and if not,
> > > which version is it considered stable in?:
> > >
> > > https://docs.ceph.com/en/latest/radosgw/encryption/#automatic-encryption-for-testing-only
> > >
> > > David
> > > _______________________________________________
> > > ceph-users mailing list -- ceph-users@xxxxxxx
> > > To unsubscribe send an email to ceph-users-leave@xxxxxxx
> > >
>
>
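
An added example, not part of the thread and not Ceph's own tooling: because rgw_crypt_default_encryption_key keeps key material in Ceph's config, this sketch audits ceph.conf-style text for any section that sets it, reporting only the location and never the key. The function names, the sample config, and the treatment of spaces, dashes and underscores as equivalent in option names are assumptions.

```python
import re

# Option named in the thread; the key value itself is never returned or printed.
TARGET = "rgw_crypt_default_encryption_key"

def normalize(name):
    # Assumption: ceph.conf accepts spaces, dashes and underscores
    # interchangeably in option names, so compare a canonical form.
    return re.sub(r"[\s_-]+", "_", name.strip().lower())

def find_default_key_settings(conf_text):
    """Return (section, line_number) for every place the option is set."""
    findings = []
    section = "(no section)"
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank or comment line
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            continue
        name, sep, value = line.partition("=")
        if sep and normalize(name) == TARGET and value.strip():
            findings.append((section, lineno))
    return findings

# Constructed sample config (placeholder values, not real key material).
SAMPLE_CONF = """\
[global]
fsid = 00000000-0000-0000-0000-000000000000
# rgw_crypt_default_encryption_key = commented-out-placeholder

[client.rgw.gw1]
rgw crypt default encryption key = PLACEHOLDER_BASE64_KEY
rgw_frontends = beast port=8080

[client.rgw.gw2]
rgw-crypt-default-encryption-key = PLACEHOLDER_BASE64_KEY
"""

if __name__ == "__main__":
    for section, lineno in find_default_key_settings(SAMPLE_CONF):
        print(f"line {lineno}: [{section}] sets {TARGET}; key stored in config")
```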